A large portion of Investigations relate to prior alerts. Currently I can only search my emails for the Investigations that involve a specific user/asset or are of an alert type. While this has been how I’ve sifted through historical events, I must then check every Investigation from my email search results to determine if it’s relevant. It would be extremely beneficial if we could directly search Investigation information and especially the notes. Plus, this would be critical for team continuity, as new team members don’t have the email history that I do.
Hi @mike_zetts! We are planning out improvements to investigations as I write this, and improved searchability, including searching users, assets, and content of notes, are all part of what we’re exploring. Thank you for the feedback!
Thank you kindly for your response. I’ll be greatly looking forward to this coming to fruition. In the meantime, I have many other suggestions for improvements to submit. I appreciate your time and efforts!